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DETAILED ACTION 
Response to Amendment 

L Applicant's amendments and/or arguments with respect to amended claims 1, 20, 37, 54 
(all independent claims) have been considered but are moot in view of the new ground(s) of 
rejection. 

2. The amendment for 101 rejection has been accepted and the Examiner's provisionally 
101 rejection has been withdrawn. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-64 are rejected under 35 U.S.C. 102(e) as being anticipated by Wesinger, JR. et 
al. herein after (Wesinger) Pub. No. US 2001/0011304 Al. 

Regarding claims 1, 20, and 54, Wesinger discloses an apparatus/method of providing for a 
plurality of customers (0012 lines 7-8, and 0050; web users ... remote hosts) one or more 
computer services selected from: file, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
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digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Commerce web hosting services; high performance 
computation services; electronic messaging and conferencing services; and, learning neuro- 
computer services (0035; web hosting services); the method comprising the steps of: 

setting up on a real computer (fig. 1 ; web server physical machine) at the request of each 
of said customers (0024 and 0026; user connection request to connect and access..,) at least one 
virtual machine (fig. 1 virtual host 1, 2, ... N) for each of said customers, said at least one virtual 
machine for each of said customers having a specification determined in accordance with the 
computer service or services requested by said customer and being configurable by said 
customer (0035 and 0045-0053; configuring multiple virtual hosts and/or client computers based 
on users preferences/budgets), said at least one virtual machine having a separate operating 
system running thereon (distinct and independent multiple virtual servers/hosts 1-n 
running in the same/single physical/real machine.... and each multiple independent and/or 
distinct virtual servers are independently configurable in order to turn different 
capabilities.... it is inherent that the plurality of virtual hosts in the real server 100 runs 
different operating system because they are virtual hosts (see, evidence Wesemann 
6,434,594 Bl col. 8 lines 9-40 that discloses a computer node running different OS to 
provide virtual processing resources). 

Regarding claims 2 and 21, Wesinger further teaches an apparatus/method, wherein plural virtual 
machines are set up within the real computer for at least one of said customers (fig. 1 ; web server 
physical machine and VHL., VHN), 
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Regarding claims 3 and 22, Wesinger further teaches an apparatus/method, wherein the or each 
virtual machine for at least one of said customers is connected to a virtual network set up for said 
at least one customer within the real computer (0021-0027). 

Regarding claims 4 and 23, Wesinger further teaches an apparatus/method, comprising a virtual 
intrusion detection device for detecting an attack on the virtual network (The examiner takes an 
official notice on virtual intrusion detection as a well-known at the time of the invention was 
made because it would enable secure virtual network (see, Cisco News Release by San Jose 
pages 4-5). 

Regarding claims 5 and 24, Wesinger further teaches an apparatus/method, wherein at least one 
virtual machine is connected to a virtual firewall that is connectable to an external network to 
which customers and/or other users can connect such that access to said at least one virtual 
machine by a customer or other user via a said external network can only take place through a 
virtual firewall (0025). 

Regarding claims 6 and 25, Wesinger further teaches an apparatus/method, wherein the or each 
virtual machine for a particular customer is connected to a virtual firewall that is dedicated to 
that customer's virtual machine or machines, each virtual firewall being connectable to an 
external network to which each of said customers and/or other users can connect such that access 
to a virtual machine by a customer or other user via a said external network can only take place 
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through a virtual firewall provided for that virtual machine or machines (0039). 

Regarding claims 7 and 26, Wesinger further teaches an apparatus/method, wherein each virtual 
firewall is set up within the real computer, the or each virtual machine for each customer being 
connected to a first port of the virtual firewall that is dedicated to that customer's virtual machine 
or machines, each virtual firewall having a second port connected to a virtual network that is set 
up within the real computer and that is connectable to an external network (0039). 

Regarding claims 8 and 27, Wesinger further teaches an apparatus/method, wherein the second 
port of each virtual firewall is connected to the same virtual network that is set up within the real 
computer and that is connectable to an external network (0025). 

Regarding claim 9, Wesinger further teaches an apparatus/method, wherein the or at least one of 
the virtual firewalls is implemented by a virtual machine on the real computer, said virtual 
firewall virtual machine running firewall software (0039). 

Regarding claims 10 and 28, Wesinger fiirther teaches an apparatus/method, comprising a 
plurality of real data storage devices and at least one virtual storage subsystem that is configured 
to allow said real data storage devices to emulate one or more virtual storage devices (0026). 

Regarding claims 1 1 and 29, Wesinger fiirther teaches an apparatus/method, wherein the at least 
one virtual storage subsystem is configured to emulate at least one respective virtual storage 
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Regarding claims 12 and 30, Wesinger further teaches an apparatus/method, comprising a 
detection device for detecting evidence of malicious software or hostile attack signatures on the 
at least one virtual storage subsystem (0025). 

Regarding claims 13 and 31, Wesinger further teaches an apparatus/method, wherein the 
apparatus is configurable to provide at least one of the services selected from: file, data and 
archiving services; applications hosting services; database hosting services; data warehouse 
services; knowledge management hosting services; digital media production services; 
"intellectual property" and streaming media services; simple web hosting services; complex e- 
Commerce web hosting services; high performance computation services; electronic messaging 
and conferencing services; and, learning neuro-computer services (0035). 

Regarding claims 14 and 32, Wesinger ftirther teaches an apparatus/method, comprising virtual 
private network software to provide an encrypted communication channel for communication 
between at least some of said virtual machines (0053). 

Regarding claims 15 and 33, Wesinger ftirther teaches an apparatus/method, comprising virtual 
private network software to provide an encrypted communication channel for communication 
between at least one virtual machine and an external computer (0021-0024). 
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Regarding claims 16 and 34, Wesinger further teaches an apparatus/method, comprising virtual 
private network software to provide an encrypted communication channel for communication 
between a first virtual network and a second virtual network (0053). 

Regarding claims 17 and 35, Wesinger further teaches an apparatus/method, comprising virtual 
private network software to provide an encrypted communication channel for communication 
between a virtual network and an external computer (0021-0026). 

Regarding claim 18, Wesinger further teaches an apparatus/method, wherein the real computer 
comprises plural physical computers (fig. 1). 

Regarding claim 19, Wesinger fiirther teaches in combination, a first apparatus according to • 
claim 1 and a second apparatus that is substantially identical to said first apparatus, the first and 
second apparatus being connected by a communications channel so that the second apparatus can 
provide for redundancy of the first apparatus thereby to provide for disaster recovery if the first 
apparatus fails (The Examiner takes an official notice wherein second apparatus for providing 
disaster recovery if the first apparatus/real computer fails. It is well known in the art at the time 
of the invention to have a backup server to recover a disaster when failure of a host server 
because it would provide an efficient service with out failing to provide user requests during 
power outage/system failure (see, Seagate software press releases 1997 pages 1-2). 
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Regarding claims 36 and 55, Wesinger further teaches the method, comprising the step of 
moving said at least one virtual machine from a first real computer to a second real computer 
(The Examiner takes an official notice again because to backup data during system failure the 
step of moving is necessary because it would recover data (see, Seagate software press releases 
1997 pages 1-2)). 

Regarding claims 56 and 59, Wesinger further teaches the apparatus/method wherein at least one 
of said virtual machines provides at least a virtual central processor unit (0021-0023). 

Regarding claims 57 and 60, Wesinger further teaches the apparatus/method, wherein at least 
one of said virtual machines is created using a virtual machine abstraction program (0012). 

Regarding claims 58 and 61, Wesinger further teaches the apparatus/method, wherein at least 
one of said virtual machines is created using machine simulation/emulation software (0023- 
0028). 

Regarding claim 37, Wesinger discloses a method of operating a real computer (fig. 1; web 
server physical machine) on behalf of plural customers (0012 lines 7-8, and 0050; web users ... 
remote hosts), the method comprising the step of: 

operating plural virtual machines (fig. 1 virtual host 7, 2, ... AO on the real computer (fig. 
1 ; web server physical machine), each of said plural virtual machines having a specification 
specified by and configurable by a respective one of the customers in accordance with a 
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computer service to be provided by the virtual machine on behalf of that customer (0035 and 
0045-0053; configuring multiple virtual hosts and/or client computers based on users 
preferences/budgets), said at least one virtual machine having a separate operating system 
ruiming thereon so as to provide respective computer services to the respective customers 
(distinct and independent multiple virtual servers/hosts 1-n running in the same/single 
physical/real machine.... and each multiple independent and/or distinct virtual servers are 
independently configurable in order to turn different capabilities.... it is inherent that the 
plurality of virtual hosts in the real server 100 runs different operating system because they 
are virtual hosts (see, evidence Wesemann 6,434,594 Bl col. 8 lines 9-40 that discloses a 
computer node running different OS to provide virtual processing resources). 

Regarding claim 38, Wesinger further teaches a method, comprising the step of operating plural 
virtual machines within the real computer for at least one of said customers (fig. 1 ; web server 
physical machine and VHl ... VHN). 

Regarding claim 39, Wesinger further teaches a method, comprising the step of operating a 
virtual network for at least one of said customers within the real computer, the or each virtual 
machine for said at least one customer being cormected to said virtual network (0021-0027). 

Regarding claim 40, Wesinger further teaches a method, comprising the step of using a virtual 
intrusion detection device for detecting an attack on the virtual network (The examiner takes an 
official notice on virtual intrusion detection as a well-knovm at the time of the invention was 
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made because it would enable secure virtual network (see, Cisco News Release by San Jose 
pages 4-5). 

Regarding claim 41, Wesinger further teaches a method, wherein at least one virtual machine is 
connected to a virtual firewall, the or each virtual firewall being connected to an external 
network to which customers and/or other users can connect such that access to a virtual machine 
by a customer or other user via a said external network can only take place through a virtual 
firewall (0025). 

Regarding claim 42, Wesinger further teaches a method, wherein the or each virtual machine for 
a particular customer is connected to a virtual firewall that is dedicated to that customer's virtual 
machine or machines, each virtual firewall being connected to an external network to which each 
of said customers and/or other users can connect such that access to a virtual machine by a 
customer or other user via a said external network can only take place through a virtual firewall 
provided for that virtual machine or machines (0039). 

Regarding claim 43, Wesinger further teaches a method, wherein each virtual firewall is set up 
within the real computer, the or each virtual machine for each customer being connected to a first 
port of the virtual firewall that is dedicated to that customer's virtual machine or machines, each 
virtual firewall having a second port connected to a virtual network that is set up within the real 
computer and that is connected to an external network (0039). 
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Regarding claim 44, Wesinger further teaches a method, wherein the second port of each virtual 
firewall is connected to the same virtual network that is set up within the real computer and that 
is connectable to an external network (0025). 

Regarding claim 45, Wesinger further teaches a method, wherein at least one virtual storage 
subsystem is provided and configured to allow multiple real data storage devices to emulate one 
or more virtual storage devices (0026). 

Regarding claim 46, Wesinger further teaches a method, wherein the at least one virtual storage 
subsystem is configured to emulate at least one respective virtual storage device for each 
customer (0026). 

Regarding claim 47, Wesinger further teaches a method, wherein a detection device is used for 
detecting evidence of malicious software or hostile attack signatures on the at least one virtual 
storage subsystem (0025). 

Regarding claim 48, Wesinger further teaches a method, wherein the services provided include at 
least one of the services selected from: file, data and archiving services; applications hosting 
services; database hosting services; data warehouse services; knowledge management hosting 
services; digital media production services; "intellectual property" and streaming media services; 
simple web hosting services; complex e-Commerce web hosting services; high performance 
computation services; electronic messaging and conferencing services; and, learning neuro- 
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computer services (0035). 

Regarding claim 49, Wesinger further teaches a method, comprising the step of using virtual 
private network software to provide an encrypted communication chaimel for communication 
between at least some of said virtual machines (0053). 

Regarding claim 50, Wesinger fiirther teaches a method, comprising the step of using virtual 
private network software to provide an encrypted communication charmel for communication 
between at least one virtual machine and an external computer (0021-0024). 

Regarding claim 51, Wesinger ftirther teaches a method, comprising the step of using virtual 
private network software to provide an encrypted communication charmel for communication 
between a first virtual network and a second virtual network (0053). 

Regarding claim 52, Wesinger further teaches a method, comprising the step of using virtual 
private network software to provide an encrypted communication channel for communication 
between a virtual network and an external computer (0021-0026). 

Regarding claim 53, Wesinger teaches the method, comprising the step of moving said at least 
one virtual machine from a first real computer to a second real computer (The Examiner takes an 
official notice because to backup data during system failure the step of moving is necessary 
because it would recover data (see, Seagate software press releases 1997 pages 1-2)). 



Application/Control Number: 09/898,286 
Art Unit: 2136 



Page 13 



Regarding claim 62, Wesinger further teaches the apparatus/method wherein at least one of said 
virtual machines provides at least a virtual central processor unit (0021-0023). 

Regarding claim 63, Wesinger further teaches the apparatus/method, v^herein at least one of said 
virtual machines is created using a virtual machine abstraction program (0012). 

Regarding claim 64, Wesinger further teaches the apparatus/method, wherein at least one of said 
virtual machines is created using machine simulation/emulation software (0023-0028). 

Conclusion 

5. Applicants amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE -MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272-3867. 
The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser R. Moazzami can be reached on (571) 272-4195. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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